Redirect for the Github Authorization should use HTTPS rather than HTTP in production #260
Labels
Comments
|
@goneall Which code needs to be updated? I think only Github configuration needs to be changed. |
|
@rtgdk I'm not sure where the code is that needs to be updated, but there is a call to the Github API's where a URL is passed as a parameter for the authentication callback. That code should be changed from |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm not sure if this is a security vulnerability, but the redirect probably should use HTTP rather than HTTPS.
Just changing it to HTTPS will likely mess up those running the spdx-online-tools in test environments or local development environments.
Perhaps the System configuration debug could be checked and the appropriate redirect made.
NOTE: the Github Auth configurations need to be updated to HTTPS as well as the code once this goes into production.
The text was updated successfully, but these errors were encountered: